Information for Developers
Developers looking to integrate Bridged EUROe should closely familiarise themselves with the contents of this page in addition to the design, architecture, and components of the EUROe stablecoin and the bridge system they choose.
Known issues
Permit DoS issue
Thank you oot2k for responsibly disclosing this issue.
An attacker can delay, or in extreme scenarios prevent, the burning of EUROe.b if the burnFromWithPermit() function is used as the only method for decreasing supply. The diagram below illustrates how the attack is performed.
As shown above, an attacker can observe a valid permit in the mempool and use it in another transaction (and function), invalidating the permit for use in burnFromWithPermit(). This attack can be repeated indefinitely, causing a denial of service on the burnFromWithPermit() function. Attacking requires the consumption of gas to frontrun the original transaction and is therefore not free. It is, however, a valid concern, especially on low-cost chains where the cost of the attack may be negligible compared to its impact.
Suggested prevention measures
- Do not use burnFromWithPermit()
- Send transactions to a private mempool
- Use a fallback method where funds are transferred to an entity which can call the normal burn()
- Utilise the normal approve-allowance pattern in conjunction with burnFrom()
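
The model below is an added illustration, not code from the EUROe contracts. It shows why the permit path reverts once the same permit has been consumed by another transaction, while the approve-allowance path with burnFrom() still completes. ModelToken, sign_permit (an HMAC stand-in for the EIP-2612 signature check) and the account names are assumptions made for the example.

```python
import hashlib, hmac

class Revert(Exception):
    """Stands in for an EVM revert."""

def sign_permit(key, owner, spender, value, nonce):
    # Constructed stand-in for an EIP-2612 signature: HMAC over the permit fields.
    msg = f"{owner}|{spender}|{value}|{nonce}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class ModelToken:
    """Toy model of a permit-enabled burnable token (assumption, not EUROe code)."""
    def __init__(self, key, balances):
        self.key, self.balances = key, dict(balances)
        self.nonces, self.allowance = {}, {}

    def permit(self, owner, spender, value, sig):
        nonce = self.nonces.get(owner, 0)
        expected = sign_permit(self.key, owner, spender, value, nonce)
        if not hmac.compare_digest(sig, expected):
            raise Revert("invalid signature or nonce already used")
        self.nonces[owner] = nonce + 1          # each permit is single-use
        self.allowance[(owner, spender)] = value

    def approve(self, owner, spender, value):
        self.allowance[(owner, spender)] = value

    def burn_from(self, caller, owner, value):
        if self.allowance.get((owner, caller), 0) < value:
            raise Revert("insufficient allowance")
        self.allowance[(owner, caller)] -= value
        self.balances[owner] -= value

    def burn_from_with_permit(self, caller, owner, value, sig):
        self.permit(owner, caller, value, sig)  # reverts if the permit was used elsewhere
        self.burn_from(caller, owner, value)

def run_scenario():
    key = b"constructed-test-key"               # constructed sample value
    token = ModelToken(key, {"holder": 100})
    sig = sign_permit(key, "holder", "bridge", 40, 0)
    token.permit("holder", "bridge", 40, sig)   # permit consumed by another transaction first
    try:
        token.burn_from_with_permit("bridge", "holder", 40, sig)
        permit_burn = "completed"
    except Revert:
        permit_burn = "reverted"
    token.approve("holder", "bridge", 40)       # suggested measure: approve + burnFrom
    token.burn_from("bridge", "holder", 40)
    return permit_burn, token.balances["holder"]
```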